Bay Area Network Virtualization Meetup
2 likes778 views
This document summarizes a presentation about cloud native networks and Romana cloud native SDN. It discusses how cloud native applications have different network requirements than traditional enterprise applications. Specifically, cloud native apps don't need layer 2 networks. Romana proposes a layer 3 isolation and multi-tenancy model that embeds tenant and segment IDs in IP addresses, simplifying network deployment and eliminating the need for overlays. Segment IDs can map directly to microservices, allowing for transparent service insertion and chaining across local and hybrid cloud deployments. The Romana project provides an open source cloud native SDN implementation of this approach.
Bay Area Network Virtualization Meetup
- 1. CLOUD NATIVE NETWORKS Chris Marino BANV Meetup March 10, 2016 BANV Meetup 3/10/16 romana.io
- 2. Cloud Native Networks • Agenda • Application Development Trends • Network Philosophy • Cloud Native SDN • How it works • Demo BANV Meetup 3/10/16 romana.io Slide 1
- 3. Cloud Native vs. Enterprise Apps • Amazon AWS Style v. Enterprise Apps • Service orientation (Cattle) v. Endpoint orientation (Pets) • Network requirements • Reachable IP addresses v. Auto discovered MAC (ARP on VLANs) • Service orientation further decouples apps from infrastructure • No VM migration • No IP Failover • Good News: Cloud Native apps don’t need layer 2 networks • Avoiding Layer 2 networks eliminates a lot of SDN complexity • Bad News: Layer 2 networks provided a convenient way to isolate apps • Even a small number of VLANs were difficult to automate Bottom Line: Need a new way to isolate networks romana.ioBANV Meetup 3/10/16 Slide 2
- 4. Network Isolation and Multi-tenancy • Physical networks already support multi-tenancy • Have done so for decades • Every tenant gets their own network • HP 16.0.0.0/8 • Apple 17.0.0.0/8 • MIT 18.0.0.0/8 • Ford 19.0.0.0/8 • Isolate layer 3 networks • Assign IP addresses to tenants, and sub tenants as you like. • Route only to authorized endpoints • Filter as necessary • Why has it gotten so complicated? BANV Meetup 3/10/16 romana.io Slide 3
- 5. Network Heresy BANV Meetup 3/10/16 romana.io THE PHYSICAL NETWORK Slide 4
- 6. Romana Cloud Native SDN • Layer 3 based isolation and tenancy model • Topology-aware addressing • Embed tenant and segment IDs in IP addresses • Requires nothing more than standard L3 routing • Hierarchical design simplifies scalable deployment • No virtual network required • Native performance and visibility • Eliminates overlays • Routes map to services 1:1 • Simplifies composition, security and control • Tightly integrated into Cloud Management/Orchestration IPAM romana.ioBANV Meetup 3/10/16 Slide 5
- 7. Complexity melts away • No VLANs, VXLANs, VTEP/VNID, OpenFlow, OVS/OVN/OVSDB • Route aggregation • Eliminates need for route distribution (BGP, XMPP, KVS) • Reduces the number of firewall rules (i.e. network v. endpoint) • Simplifies Operations • Existing tools, techniques and diagnostics all just work • Transparently integrates in to entire DC • Existing security, policy and control systems all work • Policy-based traffic management and control • Firewalls, IDS, LB, etc., etc., etc. BANV Meetup 3/10/16 romana.io Slide 6
- 8. How does it work? • Assign CIDR length for host (node), tenant and segment • Example: host 16, tenant 24, segment 28 • On every host, each tenant gets a real physical CIDR • Tenant can further sub-net for their own private segments • Configure IP addresses that maintain reachability • Only new endpoints need configuration • Apply layer 3 firewall rules for network isolation • Route aggregation collapses the number of rules needed BANV Meetup 3/10/16 romana.io Slide 7
- 9. Example BANV Meetup 3/10/16 romana.io Bit location 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 Field Capacity 0 0 0 0 1 0 1 0 Example: Bits Length Purpose 10/8 Network 8 10/8 Network Hosts 8 Up to 255 Hosts Tenants 8 Up to 255 Tenants Segments 4 Up to 16 Segments per Tenant Endpoints 4 Up to 16 Endpoints per Segment Host 1 ID CIDR or IP Host 2 ID CIDR or IP Host 3 ID CIDR or IP Physical Addr 192.168.0.10 Physical Addr 192.168.0.11 Physical Addr 192.168.0.12 Host 1 10.1/16 Host 2 10.2/16 Host 3 10.3/16 Tenant 1 10.1.1/24 Tenant 1 10.2.1/24 Tenant 1 10.3.1/24 Segment 1 10.1.1.16/28 Segment 1 10.2.1.16/28 Segment 1 10.3.1.16/28 Pod 1 11 Pod 1 4 Pod 1 4 Pod 2 14 Pod 2 5 Pod 2 5 Tenant 2 10.1.2/24 Tenant 1 10.2.1/24 Tenant 2 10.3.2/24 Segment 1 10.1.2.16/28 Segment 2 10.2.1.32/28 Segment 1 10.3.2.32/28 Pod 1 4 Pod 1 9 Pod 1 9 Pod 2 8 Pod 2 12 Pod 2 12 29-32 25-28 17-24 9-16 1-8 32 28 24 16 8 10.1.1.27 10.3.2.28 10.3.2.25 10.3.1.21 10.3.1.20 10.2.1.44 10.2.1.41 10.2.1.21 10.2.1.20 10.1.2.24 10.1.2.20 10.1.1.40 Location 10/8 Net Mask Host ID Bits (8) Tenant ID Bits (8) Segment ID and IID Up to 255 Hosts Up to 255 Tenants 255 Endpoints for each Tenant Slide 8
- 10. Host 1: 192.168.0.10 on Port 1 Host 2: 192.168.0.11 on Port 2 Host 3: 192.168.0.12 on Port 3 Router, Switch or VPC Physical Deployment BANV Meetup 3/10/16 romana.io 192.168.0.10 192.168.0.11 192.168.0.12 Host 1 Pod 1 10.1.1 .27 G/W: 10.1.0.1/16 Pod 2 10.1.1 .40 Pod 1 10.1.2 .20 Pod 2 10.1.2 .24 Tap Interfaces Host 2 Pod 1 10.2.1 .20 G/W: 10.2.0.1/16 Pod 2 10.2.1 .21 Pod 1 10.2.1 .41 Pod 2 10.2.1 .44 Tap Interfaces Host 3 Pod 1 10.3.1 .20 G/W: 10.3.0.1/16 Pod 2 10.3.1 .21 Pod 1 10.3.2 .25 Pod 2 10.3.2 .28 Tap Interfaces Slide 9
- 11. Networks Define Services • Tenant ID + Segment ID become a Network ID • Natural fit for micro- and shared platform services • Route control to/from mirco services enable transparent service insertion and chaining • Local/remote/hybrid cloud deployments romana.io IP Int IP Int IP Int IP Int L/B Microservice Endpoint F/W Shared Services BANV Meetup 3/10/16 Slide 10
- 12. Segments map to services BANV Meetup 3/10/16 romana.io Bit location 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 Field Capacity 0 0 0 0 1 0 1 0 Example: Bits Length Purpose 10/8 Network 8 10/8 Network Hosts 8 Up to 255 Hosts Tenants 8 Up to 255 Tenants Segments 4 Up to 16 Segments per Tenant Endpoints 4 Up to 16 Endpoints per Segment Host 1 ID CIDR or IP Host 2 ID CIDR or IP Host 3 ID CIDR or IP Physical Addr 192.168.0.10 Physical Addr 192.168.0.11 Physical Addr 192.168.0.12 Host 1 10.1/16 Host 2 10.2/16 Host 3 10.3/16 Tenant 1 10.1.1/24 Tenant 1 10.2.1/24 Tenant 1 10.3.1/24 Segment 1 10.1.1.16/28 Segment 1 10.2.1.16/28 Segment 1 10.3.1.16/28 Pod 1 11 Pod 1 4 Pod 1 4 Pod 2 14 Pod 2 5 Pod 2 5 Tenant 2 10.1.2/24 Tenant 1 10.2.1/24 Tenant 2 10.3.2/24 Segment 1 10.1.2.16/28 Segment 2 10.2.1.32/28 Segment 1 10.3.2.32/28 Pod 1 4 Pod 1 9 Pod 1 9 Pod 2 8 Pod 2 12 Pod 2 12 29-32 25-28 17-24 9-16 1-8 32 28 24 16 8 10.1.1.27 10.3.2.28 10.3.2.25 10.3.1.21 10.3.1.20 10.2.1.44 10.2.1.41 10.2.1.21 10.2.1.20 10.1.2.24 10.1.2.20 10.1.1.40 Location 10/8 Net Mask Host ID Bits (8) Tenant ID Bits (8) Segment ID and IID Up to 255 Hosts Up to 255 Tenants 255 Endpoints for each Tenant Slide 11 10.x.1.16/28 is Service
- 13. Romana Project • Cloud Native SDN • All details available at romana.io • Open source • Apache 2.0 • Written in Go • www.github.com/romana • Release v0.6 available now • Integration with OpenStack and Kubernetes romana.ioBANV Meetup 3/10/16 Slide 12